How does HSRP standby router react to an incoming packet?

marwan.khoury · ‎01-31-2012

Dear Cisco Community,

I am a bit confused about how does the standby router react to incoming packets.

Given the below:

R1 <--------------physical/logical connection----------------------->R2

| |

R3 R4

R3 and R4 are in HSRP with R4 being standby.

First, is the HSRP traffic using the phsical/logica connection to communicate between R3 and R4 and should there be any specific configuration on R1 and R2?

Second, if R4 receives a incoming packet from another interface (external router for ex), does it forward it to R3 and R3 route accordingly or does R4 send the packet directly?

Thank you for your help

Regards,

Vivek Ganapathi · ‎01-31-2012

Hi,

Is R1 & R2 are Layer 3 device? May be an upstream device connecting to WAN ? Anyways, i will explain you both scenarios, R1 & R2 being Layer 3 or Layer. Ok, as you said R3 & R4 HSRP enabled devices with R4 being standby.

From Layer 3 perspective, all the traffic downstream to R3 & R4 will be processed by R3 only. Remember, you would be configuring a standby IP address between R3 & R4. So, you would have the routing from R1 & R2 pointing back to the virtual HSRP IP (standby IP).

If R1 & R2 were layer 2 devices (Access switches) then on R3 & R4 you would be defining all your Layer 3 VLANs etc & making R3 as active HSRP switch & R4 as backup (standby). Even in this case, all the traffic would be flowing via R3 only. Incase of R3 switch fails, HSRP hellos fails & R4 will takeover as primary.

Hope this clarifies.

Thanks

Vivek

*Please do rate, if you found helpful

marwan.khoury · ‎01-31-2012

First I would like to thank you for your reply.

Let me explain a bit more in details and give the full description of the scenario i am asking about

R1 and R2 are layer 3 switches with let's say VRRP with vip 1.1.1.1

R3 and R4 are layer 3 switches with HSRP with vip 2.2.2.2

R1 and R2 are connected physically

R1 is connected physically to R3

R2 is connected physically to R4

R3 and R4 are not connected directly

First:

how are the HSRP packets flowing between R3 and R4, are they using the physical link between R1 and R2 and should these routers be aware of this?

Second:

Let say that R3 and R4 are connected through other interfaces to OSPF links for example.

R4 receive a packet that should be sent through gateway 1.1.1.1, does R4 forward the packet directly to R1/R2 or does the packet go first to R3 through the R1 and R2 connection and then R3 forwards it to the active router of R1/R2.

Regards,

milan.kulik · ‎01-31-2012

Hi,

ad First:

As HSRP is using multicasts while talking each router to the others, you usually need an L2 connection to other HSRP participants.

You in theory might configure some multicast routing through R1 and R2 possibly, but I would not recommend that.

ad Second:

When a router receives any packet, it forwards it based on the IP header (destination IP address). No matter "it should have been sent to 1.1.1.1 gateway". So in your case, R4 does forward the packet directly to active router of R1/R2.

HTH,

Milan

marwan.khoury · ‎02-02-2012

Hi Milan,

Thank you so much for your response, it does seem more obvious that R4 forwards it directly.

So only packets sent to HSRP VIP are forwarded by the active router and the next hop defined by the R1/R2 will be this HSRP VIP and R4 can still send packets to its next hop (VRRP VIP).

Can you confirm?

Regards,

milan.kulik · ‎02-02-2012

Hi,

I can confirm:

A router does not care about HSRP or VRRP status while forwarding packets.

Even while standby from HSRP point of view, it simply forwards the packet to the next-hop according to its routing table.

The only diffrence is: When the router is HSRP active (or VRRP master), it receives the packets sent to virtual HSRP (or VRRP) MAC address. And then forwards them based on its routing table.

When the router is in HSRP standby (or VRRP backup) mode, it ignores the packets sent to the virtual HSRP (or VRRP) MAC address.

I hope to be 100% clear now.

BR,

Milan

marwan.khoury · ‎02-04-2012

hello again, what happens if both R3 and R4 are considering themselves as active, can any packet loss or other problems occur? regards

milan.kulik · ‎02-05-2012

Hi,

if two routers in the same HSRP group "think" they are active, they can both accept packets sent to the HSRP virtual MAC address and forward them to the network. Which can cause problems on the target device receiving the same packet twiceorpackets in incorrect order.

But this should not happen as long as HSRP is configured correctly and ther exists an L2 connectivity between those two routers.

HTH,

Milan

marwan.khoury · ‎02-05-2012

hi Milan, wouldn't there be a table on the switch before reaching the routers that sends frames destined to a mac (in our case the virtual hsrp mac) through a certain interface on the switch? thus sending traffic either to R3 or R4? regards,

milan.kulik · ‎02-05-2012

Hi,

the virtual MAC address might be flapping then from the switch point of view.

BR,

Milan

marwan.khoury · ‎02-05-2012

hello again, so in this case, will there be any routing problem? both routers will receive packets and send them to the destination, am I right? BR,

milan.kulik · ‎02-06-2012

Yes,

but the flapping virtual MAC address could bring troubles like incorrect order of packets deliverd to the destination, asymmentric routing, etc.

BR,

Milan

Vivek Ganapathi · ‎02-01-2012

Lets begin with a topology

As you mentioned that there is no direct connectivity between R3 & R4. Now, there has to be a mechanism through which HSRP packets should flow & that too via a Layer 2 medium only. Seeing this topology, we can easily make out that you have a Layer 3 domain. Unfortunately you have to run a direct cable between R3 & R4 as a trunk for your HSRP communication to work. Remember, all FHRP protocols require a Layer 2 medium to communicate with each other.

Now, coming to your second Question, this will not hold good until you sort out your 1st. You need to have a below topology

Now, Assuming that you connect a direct cable between R3 & R4, then this question is answerable with lot of if's & but's. Lets see how

1) R3 & R4 have dual links connected to a network running with OSPF. Now, there are 2 things you can achieve here

Equal cost loadbalancing
To have any one link preferred at a given point of time

2) Now, assuming that You opted for R3 as the preferred path. Assuming that a host sitting on 10.100.10.x segment initiates a traffic to 10.107.x network. The packet flow would be R3--> R1 (Assuming R1 is VRRP primary). So, the packet would never go to R4 or R2. To add, you need to have a static route from R3 & R4 to 10.107.x segment to the VIP of VRRP. & reverse route on R1 & R3 to 10.100.10.x pointing to VIP of HSRP.

i tried my best to keep it simple. Hope it clarifies. Do let me know.

Thanks

Vivek

marwan.khoury · ‎02-01-2012

Hi Vivek,

Thank you so much for your detailed explanation.

The only question remaining is :

What happens if there wasn't any preferred path.

Both of the OSPF links are equally balancing traffic towards R3 and R4.

What happens when R4 receives the packet, does it send it directly to VRRP VIP or does it forward it to R3 who sends it to VRRP VIP?

Same question applies if R4 is forwarding the packet, then R2 will receive it, will it then send directly to destination or will it forward it to R1?

Thanks,

Kind regards,

Vivek Ganapathi · ‎02-02-2012

Hi Marwan,

Sorry couldn't respond you back yesterday. The topology which i have shown you is just for an example. In reality, it's not a good setup at all. Running HSRP between R3 & R4 doesn't make sense actually. HSRP is to provide First-hop redundancy only. Incase if you had your L3 VLANs on R3, R4 it would really make some sense of running HSRP.

But just for the sake of discussion : If R4 receives a packet it will send it to R3 & then to VRRP VIP (i.e R1 being primary VRRP). It totally depends on which is the primary device. if R2 was primary, then R4 would have forwarded it to R2 directly.

Thanks

Vivek